\beamer@endinputifotherversion {3.01pt}
\beamer@sectionintoc {1}{Outline}{2}{0}{1}
\beamer@subsectionintoc {1}{1}{Background}{3}{0}{1}
\beamer@subsectionintoc {1}{2}{Basic Analysis}{4}{0}{1}
\beamer@subsectionintoc {1}{3}{Advanced Analysis}{5}{0}{1}
\beamer@subsectionintoc {1}{4}{Custom Development}{6}{0}{1}
\beamer@sectionintoc {2}{Introduction}{8}{1}{2}
\beamer@subsectionintoc {2}{1}{Introduction}{9}{1}{2}
\beamer@subsectionintoc {2}{2}{Malware Analysis}{14}{1}{2}
\beamer@subsectionintoc {2}{3}{Questions to Consider}{18}{1}{2}
\beamer@sectionintoc {3}{VM's and Live Analysis}{24}{1}{3}
\beamer@subsectionintoc {3}{1}{Virtual Machines}{25}{1}{3}
\beamer@subsectionintoc {3}{2}{Live Analysis}{31}{1}{3}
\beamer@sectionintoc {4}{Architecture and OS}{40}{1}{4}
\beamer@subsectionintoc {4}{1}{x86 Architecture}{41}{1}{4}
\beamer@subsectionintoc {4}{2}{Microsoft Windows OS}{63}{1}{4}
\beamer@sectionintoc {5}{PE File Format}{82}{1}{5}
\beamer@subsectionintoc {5}{1}{Overview and Headers}{83}{1}{5}
\beamer@subsectionintoc {5}{2}{Interactive Walkthrough}{94}{1}{5}
\beamer@subsectionintoc {5}{3}{Import/Export Address Tables}{115}{1}{5}
\beamer@subsectionintoc {5}{4}{Updated PE32+ and Usage Examples}{128}{1}{5}
\beamer@sectionintoc {6}{Overview of Analysis Tools}{136}{2}{6}
\beamer@subsectionintoc {6}{1}{Debuggers}{137}{2}{6}
\beamer@subsectionintoc {6}{2}{Disassemblers / Decompilers}{140}{2}{6}
\beamer@subsectionintoc {6}{3}{Other}{144}{2}{6}
\beamer@subsectionintoc {6}{4}{Python}{145}{2}{6}
\beamer@sectionintoc {7}{(Dis)Assembly}{149}{2}{7}
\beamer@subsectionintoc {7}{1}{Crash Course}{150}{2}{7}
\beamer@subsectionintoc {7}{2}{Assembly Patterns}{156}{2}{7}
\beamer@sectionintoc {8}{IDA Pro}{181}{2}{8}
\beamer@subsectionintoc {8}{1}{Overview}{182}{2}{8}
\beamer@subsectionintoc {8}{2}{Overview of Views}{188}{2}{8}
\beamer@subsectionintoc {8}{3}{Driving IDA}{198}{2}{8}
\beamer@subsectionintoc {8}{4}{Customizations}{203}{2}{8}
\beamer@sectionintoc {9}{OllyDbg}{209}{2}{9}
\beamer@subsectionintoc {9}{1}{Overview}{210}{2}{9}
\beamer@subsectionintoc {9}{2}{Overview of Views}{212}{2}{9}
\beamer@subsectionintoc {9}{3}{Driving OllyDbg}{227}{2}{9}
\beamer@sectionintoc {10}{Executable (Un)Packing}{236}{3}{10}
\beamer@subsectionintoc {10}{1}{Executable Packing}{237}{3}{10}
\beamer@subsectionintoc {10}{2}{Executable Unpacking}{249}{3}{10}
\beamer@subsectionintoc {10}{3}{Packer Usage Statistics}{259}{3}{10}
\beamer@subsectionintoc {10}{4}{Unpacking Traces}{264}{3}{10}
\beamer@sectionintoc {11}{Anti Reverse Engineering}{280}{3}{11}
\beamer@subsectionintoc {11}{1}{Anti-Debugging}{281}{3}{11}
\beamer@subsectionintoc {11}{2}{Anti-Disassembling}{291}{3}{11}
\beamer@subsectionintoc {11}{3}{Anti-PE Analysis}{301}{3}{11}
\beamer@subsectionintoc {11}{4}{Anti-VM}{312}{3}{11}
\beamer@sectionintoc {12}{Binary Diffing and Matching}{322}{3}{12}
\beamer@subsectionintoc {12}{1}{Binary Diffing}{323}{3}{12}
\beamer@subsectionintoc {12}{2}{Example in Malware Analysis}{327}{3}{12}
\beamer@subsectionintoc {12}{3}{Binary Matching}{333}{3}{12}
\beamer@subsectionintoc {12}{4}{Exercises}{336}{3}{12}
\beamer@sectionintoc {13}{Advanced Malware Techniques}{337}{3}{13}
\beamer@subsectionintoc {13}{1}{Advanced Malware Techniques}{338}{3}{13}
\beamer@subsectionintoc {13}{2}{Anti-Detection/Obfuscation Measures}{338}{3}{13}
\beamer@subsectionintoc {13}{3}{Runtime Hiding Techniques}{347}{3}{13}
\beamer@subsectionintoc {13}{4}{Counter-Measures}{350}{3}{13}
\beamer@sectionintoc {14}{Analysis}{353}{4}{14}
\beamer@subsectionintoc {14}{1}{Analysis I}{354}{4}{14}
\beamer@subsectionintoc {14}{2}{Analysis II}{396}{4}{14}
\beamer@sectionintoc {15}{IDA Python}{440}{4}{15}
\beamer@subsectionintoc {15}{1}{Overview}{441}{4}{15}
\beamer@subsectionintoc {15}{2}{Examples}{443}{4}{15}
\beamer@subsectionintoc {15}{3}{Exercises}{450}{4}{15}
\beamer@sectionintoc {16}{PEFile and PyDasm}{452}{4}{16}
\beamer@subsectionintoc {16}{1}{Overview}{453}{4}{16}
\beamer@subsectionintoc {16}{2}{pefile}{455}{4}{16}
\beamer@subsectionintoc {16}{3}{pydasm}{463}{4}{16}
\beamer@subsectionintoc {16}{4}{Exercises}{469}{4}{16}
\beamer@sectionintoc {17}{PaiMei}{471}{4}{17}
\beamer@subsectionintoc {17}{1}{Overview}{472}{4}{17}
\beamer@subsectionintoc {17}{2}{Command Line Tools}{511}{4}{17}
\beamer@subsectionintoc {17}{3}{GUI and Tools}{547}{4}{17}
\beamer@subsectionintoc {17}{4}{Exercises}{555}{4}{17}
\beamer@sectionintoc {18}{Appendix}{559}{5}{18}
\beamer@subsectionintoc {18}{1}{References}{561}{5}{18}
\beamer@subsectionintoc {18}{2}{Slide Count}{565}{5}{18}
